Maybe One of the Most Ridicules Questions

Is it possible to suggest that some open source software may include some back-end slip up / hush hush code which is intended on spying or phishing or in some way used by hackers or even worse terrorists?

I am hoping that I am just too stupid to understand how software writing done and that there is no way in hell that what ever I am suggesting is possible. But is it ??